Penetration testing, ethical hacking and vulnerability assessments
In this security testing and ethical hacking guide, you will get info on how to conduct a vulnerability assessment of your network and IT environment with penetration testing and ethical hacking tools and software, ethical hacker training and certifications.
Top Stories
-
Answer
28 Aug 2024
Types of hackers: Black hat, white hat, red hat and more
Black, white and gray hats are familiar to security pros, but as the spectrum evolves to include green, blue, red and purple, things get muddled. Brush up on types of hackers. Continue Reading
By- Sharon Shea, Executive Editor
-
Feature
06 Feb 2024
20 free cybersecurity tools you should know about
Cybersecurity products can get pricy but there are many excellent open source tools to help secure your systems and data. Here's a list of some of the most popular with cyber pros. Continue Reading
-
News
27 Sep 2017
Windows digital signature bypassed with two registry edits
The DerbyCon keynote covered why security research is an approachable field, as well as how to bypass a Windows digital signature check to run unwanted code. Continue Reading
By- Michael Heller, TechTarget
-
News
08 Sep 2017
Apache Struts vulnerability affects versions since 2008
A researcher discovered a remotely exploitable Apache Struts vulnerability being actively exploited in the wild. A patch was released, and users were urged to update software immediately. Continue Reading
By- Michael Heller, TechTarget
-
News
07 Sep 2017
SHA-1 hashes recovered for 320M breached passwords
Security researchers once again proved how easy it can be to recover SHA-1 hashes by cracking the hashes on nearly 320 million passwords related to data breaches. Continue Reading
By- Michael Heller, TechTarget
-
Opinion
01 Sep 2017
From security product marketing to CEO: Jennifer Steffens
The CEO of a global pen tester used to work for the New York Yankees. Find out how Jennifer Steffens went from sports marketing to head of a security service provider. Continue Reading
-
News
01 Sep 2017
Intel kill switch ME code indicates connection to NSA
Researchers discovered an Intel kill switch hiding in one of the chipmaker's software products, along with references to an NSA program focused on secure computing. Continue Reading
By- Michael Heller, TechTarget
-
News
21 Aug 2017
iPhone Secure Enclave firmware encryption key leaked
Experts and Apple say despite the leak of the iPhone Secure Enclave Processor encryption key that can be used to decrypt firmware code, user data and biometric information are still safe. Continue Reading
By- Michael Heller, TechTarget
-
News
02 Aug 2017
Hacking voting machines takes center stage at DEFCON
DEFCON attendees were successful in hacking voting machines and now that there is proof the systems are insecure, more work needs to be done to change election laws and practices. Continue Reading
By- Michael Heller, TechTarget
-
Answer
24 Jul 2017
SQL Slammer worm returns: How risky is it for enterprises?
The SQL Slammer worm has re-emerged to attack a vulnerability in Microsoft SQL Server 2000. Expert Nick Lewis explains what enterprises can do to manage out-of-date systems. Continue Reading
-
Tip
28 Jun 2017
Incorporating static source code analysis into security testing
Static source code analysis, along with dynamic analysis and pen testing, can help strengthen your application security. Expert Kevin Beaver goes over the features to look out for. Continue Reading
By- Kevin Beaver, Principle Logic, LLC
-
News
27 Jun 2017
Windows Defender bug could allow full-system takeover
A newly disclosed Windows Defender bug, which could allow an attacker to fully take over a target system and create admin accounts, marks yet another major antivirus vulnerability. Continue Reading
By- Michael Heller, TechTarget
-
News
26 Jun 2017
Security code reviews by Russian agencies cause concern
Demands for security code reviews by Russia have been on the rise, and not all experts or U.S. companies want to comply with the requests. Continue Reading
By- Michael Heller, TechTarget
-
News
26 May 2017
Voting machine hacking to be taken on at DEFCON 2017
Possible voting machine hacking has been a topic of conversation since before the 2016 election, and at DEFCON 2017 professional pentesters will find out what damage can be done. Continue Reading
By- Michael Heller, TechTarget
-
News
17 May 2017
Q&A: Talking bug bounty programs with Bugcrowd's Casey Ellis
As bug bounty programs become more mainstream, Bugcrowd founder and CEO Casey Ellis offers insights into rewards, best practices and tips for getting the most bang for the buck. Continue Reading
By- Peter Loshin, Former Senior Technology Editor
-
Tip
09 May 2017
How to identify and address overlooked web security vulnerabilities
Certain web security vulnerabilities evade detection due to oversight or carelessness. Expert Kevin Beaver discusses the top overlooked issues and how to address them. Continue Reading
By- Kevin Beaver, Principle Logic, LLC
-
Answer
01 May 2017
Panasonic Avionics IFE systems: How serious are the vulnerabilities?
Panasonic Avionics' in-flight entertainment system vulnerabilities allow attackers to tamper with passenger seat displays. Expert Michael Cobb explains the impact of these flaws. Continue Reading
-
Tip
07 Apr 2017
Preparing enterprise systems for the scriptless Linux exploit
The scriptless Linux exploit deviates from usual methods that security tools recognize as attacks. Expert Nick Lewis explains how the exploit works and how to prevent it. Continue Reading
-
Answer
03 Apr 2017
How did firmware create an Android backdoor in budget devices?
An Android backdoor was discovered in the Ragentek firmware used in almost three million low-cost devices. Expert Michael Cobb explains how to prevent attacks on affected devices. Continue Reading
-
News
30 Mar 2017
Google's Project Zero Prize uncovers zero Android remote exploits
After six months, Google's Project Zero Prize competition uncovered zero Android remote exploits: no bugs, no prizes, no entries. Continue Reading
By- Peter Loshin, Former Senior Technology Editor
-
Tip
28 Mar 2017
Android VPN apps: How to address privacy and security issues
New research on Android VPN apps revealed the extent of their privacy and security flaws. Expert Kevin Beaver explains how IT professionals can mitigate the risks. Continue Reading
By- Kevin Beaver, Principle Logic, LLC
-
News
10 Mar 2017
Report on zero-day vulnerabilities highlights shelf life, overlap
News roundup: Report on zero-day vulnerabilities questions government stockpiling. Plus, Comey talks encryption and privacy, FCC blocks consumer protection rule, and more. Continue Reading
By- Madelyn Bacon, TechTarget
-
News
09 Mar 2017
Operation Rosehub patches Java vulnerabilities in open source projects
Google employees recently completed Operation Rosehub, a grass roots effort that patches a set of serious Java vulnerabilities in thousands of open source projects. Continue Reading
By- Peter Loshin, Former Senior Technology Editor
-
News
06 Mar 2017
New cybersecurity report gets the hacker perspective
A new cybersecurity report used a hacker survey to offer a perspective on IT that can often be overlooked and found there may not be any easy answers. Continue Reading
By- Michael Heller, TechTarget
-
Answer
27 Feb 2017
How can enterprises leverage Google's Project Wycheproof?
Google's Project Wycheproof tests crypto libraries for known vulnerabilities, but there are potential drawbacks to this tool. Expert Matthew Pascucci explains them. Continue Reading
-
News
06 Feb 2017
Q&A: Rapid7's Beardsley and Brown take on bug bounty programs, IoT
Rapid7's Beardsley and Brown are back with more insight into vulnerability disclosure, the value of bug bounty programs and, of course, IoT. Continue Reading
By- Peter Loshin, Former Senior Technology Editor
-
News
31 Jan 2017
Q&A: Rapid7's Beardsley and Brown dish on Mirai botnet, pen testing
Rapid7's Beardsley and Brown offer insight on Mirai botnet attacks, while also sharing some of their craziest penetration testing and incident response experiences. Continue Reading
By- Peter Loshin, Former Senior Technology Editor
-
News
20 Jan 2017
Vulnerable Adobe extension downloads covertly to Chrome
News roundup: A flawed Adobe extension was secretly installed on 30 million Chrome browsers. Plus, the Mirai author has been identified; Google releases security details; and more. Continue Reading
By- Madelyn Bacon, TechTarget
-
Answer
11 Jan 2017
Are bug bounty programs secure enough for enterprise use?
The use of bug bounty programs in enterprises is growing, but they aren't risk free. Expert Mike O. Villegas discusses some concerns related to bug bounties. Continue Reading
By- Mike O. Villegas, K3DES LLC
-
News
04 Jan 2017
SSL certificate validation flaw discovered in Kaspersky AV software
Google Project Zero discovers more antivirus vulnerabilities. This time, the issues are with how Kaspersky Lab handles SSL certificate validation and CA root certificates. Continue Reading
By- Peter Loshin, Former Senior Technology Editor
-
Feature
09 Sep 2016
When to take a bug bounty program public -- and how to do it
Bug-finding programs are valuable to enterprises, but they require a lot of planning and effort to be effective. Sean Martin looks at what goes into taking a bug bounty program public. Continue Reading
-
Tip
12 Jul 2016
Best practices for an information security assessment
Information security assessments can be effective for identifying and fixing issues in your enterprise's policies. Expert Kevin Beaver explains the key components of the process. Continue Reading
By- Kevin Beaver, Principle Logic, LLC
-
Feature
09 Feb 2016
Comparing the top vulnerability management tools
Expert Ed Tittel compares how the top-rated vulnerability management tools measure up against each other so you can select the right one for your organization. Continue Reading
-
Feature
19 Jan 2016
Seven criteria for buying vulnerability management tools
Expert contributor Ed Tittel describes purchasing criteria for full-featured vulnerability management tools for small organizations to large enterprises. Continue Reading
-
Tip
12 Oct 2015
Getting to the bottom of the software vulnerability disclosure debate
The vulnerability disclosure debate rages on: Enterprises should know they are at risk, but vendors need time to patch flaws. Which side should prevail? Expert Michael Cobb discusses. Continue Reading
-
Feature
01 Oct 2015
Choose the best vulnerability assessment tools
This Buyer's Essentials guide helps InfoSec pros assess vulnerability management products by explaining how they work and by highlighting key features corporate buyers should look for so they can evaluate vendor offerings. Continue Reading
By- Mike Chapple, University of Notre Dame
-
Answer
17 Aug 2015
Can a new encryption trick prevent reverse engineering?
Expert Michael Cobb explains how reverse engineering can be made more difficult with an approach called Hardened Anti-Reverse Engineering System or HARES. Continue Reading
-
News
16 Jul 2015
Flash Player security failures turn up the hate
There have been calls for the death of the Adobe Flash Player for years either due to performance issues or the threat of exploit. But with a recent rash of zero-day vulnerabilities, those calls are getting louder. Continue Reading
By- Michael Heller, TechTarget
-
Tip
01 Jun 2015
Understanding and mitigating a FREAK vulnerability attack
After the discovery that the FREAK vulnerability can affect a wide variety of OSes, enterprises should amp up mitigation efforts. Here's some background on the attack and how to stop it. Continue Reading
-
Quiz
19 Aug 2014
Authenticated vulnerability scanning: How much do you know?
This vulnerability scanning quiz will test you on the key points we've covered in the webcast, podcast and article in this Security School. Continue Reading
By- Kevin Beaver, Principle Logic, LLC
-
Tip
21 May 2014
Stop attackers hacking with Metasploit
Metasploit attacks may not be sexy, but they can stab through enterprise defenses. Learn how basic security controls can thwart Metasploit hacking. Continue Reading
-
Tip
12 Nov 2013
PCI DSS version 3.0: The five most important changes for merchants
PCI DSS version 3.0 isn't a wholesale revision, but longtime PCI expert Ed Moyle says merchants' transitions must start now to avoid problems later. Continue Reading
By- Ed Moyle, Drake Software
-
Feature
24 Oct 2012
Metasploit Review: Ten Years Later, Are We Any More Secure?
Some say the pen testing framework is a critical tool for improving enterprise security, while others say it helps attackers. Continue Reading
-
News
10 Nov 2010
Barracuda launches bug bounty for its security products
Security vendor offers bounty for bugs found in its firewall and Web filtering appliances. Continue Reading
-
News
14 Oct 2010
Security services firm iSEC Partners acquired
The pen-testing and security services consultancy, which has been at the forefront of innovative research in the past half-decade, is being acquired by England's NCC Group. Continue Reading
-
News
28 Jul 2010
Black Hat 2010 podcast: Microsoft on bug disclosure, new security tool
Dave Forstrom, director of Microsoft's Trustworthy Computing talks about Microsoft's "responsible disclosure" announcement, bug buyback programs and several Black Hat 2010 announcements. Also, Brad Arkin, senior director of product security and privacy for Adobe, discusses his firm's decision to partner with Microsoft on its Active Protections Program, giving vulnerability data to security vendors prior to pushing out a patch. Continue Reading
-
Answer
25 May 2010
Which tools will help in validating form input in a website?
Find out how to validate form input in a website. Continue Reading
-
News
17 May 2007
Security Wire Weekly -- May 16, 2007
Core Security's Ivan Arce discusses the pros and cons of penetration testing, "month-of" flaw disclosure projects and hacking contests. Also, a summary of the week's news. Continue Reading